Esempio n. 1
0
 public static function set($usr)
 {
     if (self::$user != null) {
         error_logging('ERROR', "Currentuser class being overwritten");
         return new error('Invalid user.');
     } else {
         if (get_class($usr) != 'user') {
             error_logging('ERROR', 'Attempt to run currentuser::set() with class of wrong type; ' . get_class($usr));
             return new error('Invalid class use.');
         } else {
             if (!$usr->populated) {
                 error_logging('ERROR', 'Attempted to use unpopulated class as current user.');
                 return new error('Invalid user.');
             } else {
                 if ($usr->getID() < 1) {
                     error_logging('ERROR', 'Attempted to use broken user class as current user. ID;' . $usr->getID());
                     return new error('Invalid user.');
                 } else {
                     if ($usr->enabled != 1) {
                         error_logging('ERROR', 'Attempted to use disabled user class as current user.');
                         return new error('Invalid user.');
                     } else {
                         error_logging('DEBUG', 'currentuser setting new user id; ' . $usr->getID());
                         self::$user = $usr;
                     }
                 }
             }
         }
     }
     return self::$user;
 }
Esempio n. 2
0
 /**
  * Returns some basic info about the current user.
  * 
  * @param $params - ignored, filled for API concurrency.
  * @return response array with username, id, fullname
  * 
  */
 function run($params)
 {
     if (currentuser::getInstance() != null) {
         $response = new response('Success');
         $user = currentuser::getInstance();
         $response->set('name', $user->fullname);
         $response->set('user', $user->getUsername());
         $response->set('id', $user->getID());
         return $response;
     } else {
         return new error('Access denied', 403);
     }
 }
Esempio n. 3
0
 public function create($urgency, $importance, $type, $person, $brief, $details, $sys)
 {
     // We are creating a WR
     // request_id is automatic
     // request_on is automatic
     // active is automatic - do we ever want it to be false initially?
     // last_status I don't want to do right now
     //wap_status - is it ever used?
     //sla_response_hours - don't care yet
     if (is_numeric($urgency)) {
         $this->urgency = intval($urgency);
     } else {
         return new error("Urgency must be numeric");
     }
     $this->importance = intval($importance);
     $this->request_type = intval($type);
     $this->requester_id = intval($person);
     $this->brief = $brief;
     //TODO secure this
     $this->detailed = $details;
     //TODO secure this
     $user = currentuser::getInstance();
     $entered_by = $user->getUserId();
     $this->entered_by = $entered_by;
     if (is_numeric($sys)) {
         $this->system_id = intval($sys);
     } else {
         return new error("System ID must be numeric");
     }
     // Make sure the person exists
     //eta -- old, can't see a use for it
     //last_activity -- auto updates
     //sla_response_time and sla_response_type -- don't care yet
     //requested_by_date -- TODO
     //agreed_due_date -- TODO
     //request_by -- Can be null?
     //parent_request -- TODO don't care yet
     //invoice_to -- TODO
     return $this->writeToDatabase();
 }
Esempio n. 4
0
 /**
  * Calls all the methods necessary to do a login
  *
  * @param $params
  *      Array of parameters
  *      - $params['POST']['username']: The username of the user POSTed to the page 
  *      - $params['POST']['password']: The password of the user POSTed to the page 
  * @return
  *      A response object with a session ID on success, an error object on failure to login
  */
 public function do_login($params)
 {
     /* 
      * Assumes we've already checked for an existing session - which we do in index
      * Will hand out as many sessions for a valid login as the user wants
      * If we had malicious users they could use this to flood memcache and force other users sessions to expire
      */
     $username = $params['POST']['username'];
     # Don't allow logins via GET!
     $password = $params['POST']['password'];
     # Don't allow logins via GET!
     /*
      * Make sure we were called properly
      */
     if (is_null($username) || empty($username)) {
         return new error('No username supplied', 403);
     }
     if (is_null($password) || empty($password)) {
         return new error('No password supplied', 403);
     }
     if (login::valid_credentials($username, $password, $user_id, $response)) {
         // Make a session and all that lovely stuff
         // If we successfully put out session into memcache
         if (login::create_session($user_id, &$response)) {
             currentuser::set(new user($user_id));
             $resp = new response('Login success');
             $resp->set('session_id', $response);
             $resp->set('user_id', $user_id);
             return $resp;
         } else {
             return new error($response, 500);
         }
     } else {
         return new error($response, 403);
     }
 }
 /**
  * Performs the insert of the timesheet
  *
  * @param $params
  *   Associative array of parameters
  *   - $params->wr: Work Request ID
  *   - $params->datetime: The date and time to record the timesheet for in ISO format
  *   - $params->quantity: The quantity of units to add
  *   - $params->units: The units to use (default: hours)
  *   - $params->rate: Optional rate of charge - if not supplied we apply the WRMS logic. - Note: If units is 'amount' then rate is required
  *   - $params->description: A description about what the time was spent on
  * @return
  *   TRUE on success, FALSE on failure to add
  */
 function run($params)
 {
     // All the things we might need to enter a timesheet
     $wr = $params['GET']['wr'];
     $datetime = $params['GET']['datetime'];
     $quantity = $params['GET']['quantity'];
     $units = $params['GET']['units'];
     $rate = $params['GET']['rate'];
     $description = $params['GET']['description'];
     $needsreview = (int) (bool) $params['GET']['needs_review'];
     // Who are we logged in as, and can we actually add timesheets?
     $user = currentuser::getInstance();
     $access = access::getInstance();
     if ($access->permitted('wr/timesheet/add', $wr)) {
         // Get the ID of the user
         $id = $user->getID();
         if ($id == null) {
             return new error('You must be logged in to add a timesheet', '403');
         }
         // Is this a real WR?
         $result = db_query("SELECT request_id FROM request WHERE request_id = %d", $wr);
         if (db_fetch_object($result) == null) {
             return new error("You cannot put time against a non-existant work request", '405');
         }
         // Make sure the date and time are valid - convert to wrms-happy timestamp
         $timestamp = date('Y-m-d H:i:s', strtotime($datetime));
         if ($timestamp == 0 || $timestamp == 43200) {
             # Change to proper UTC time at some point
             return new error('Unable to add timesheet: Invalid date', 400);
         }
         // Get the amount of time worked -- Can't be negative or zero
         if ($quantity <= 0) {
             return new error("Unable to add timesheet: You can't work 0 hours or less on a WR", '405');
         }
         /*
          * So there's more than one way to log 'time' on a WR
          * The standard is hours, so this will be the default if you don't specify
          * Days is only here because of the few that use it - I personally would love to see it gone forever
          * Amount is for when you buy hardware or a fixed cost item as part of a WR - new server - travel expenses, etc.
          * All the others I've yet to find a reason to implement
          */
         switch ($units) {
             case 'hours':
                 // If we are in hours, then our job is very simple - we do nothing and the SQL figures itself out
                 break;
             case 'days':
                 // If we are in days, then our job is very simple - we do nothing and the SQL figures itself out
                 break;
             case 'minutes':
                 // If we don't handle minutes, we'll pass it in as hours, and that'll be bad.
                 break;
             case 'amount':
                 if (empty($rate)) {
                     return new error('Unable to add timesheet: you must specify a rate when adding an amount to a WR', '400');
                 } else {
                     if (!is_numeric($rate)) {
                         return new error('Unable to add timesheet: rate must be a numeric value', '400');
                     }
                 }
                 // So long as we've got this far the below rate calculation logic won't be applied
                 break;
             case 'dollars':
                 return new error('dollars not implemented for this method - please use hours, days or amount', 406);
                 break;
             case 'pounds':
                 return new error('pounds not implemented for this method - please use hours, days or amount', 406);
                 break;
             case 'euros':
                 return new error('euros not implemented for this method - please use hours, days or amount', 406);
                 break;
             case 'usd':
                 return new error('usd not implemented for this method - please use hours, days or amount', 406);
                 break;
             case 'aud':
                 return new error('aud not implemented for this method - please use hours, days or amount', 406);
                 break;
             default:
                 $units = 'hours';
                 break;
         }
         /*
          * Okay, I'm not saying this logic is any good, but it's what WRMS 2.0 does (pick the first that applies)
          * 1. If the user has specified a rate in the call to this method, use that
          * 2. If the client has a rate set, use that rate
          * 3. If the user has a rate set, use that rate
          * 4. If the supplier has a rate set, use that rate
          * 5. Default to the config value (120 at time of coding, but configurable from lib/medusa/config/config.php)
          */
         // If we haven't got a rate, set $rate to null so the default rate logic will kick in
         if (empty($rate)) {
             $rate = null;
         } else {
             if (!is_numeric($rate)) {
                 return new error('Unable to add timesheet: rate must be numeric', '400');
             }
         }
         // Check the rate for the client (requestor)
         if ($rate == null) {
             $result = db_query("SELECT work_rate FROM request \n                                        INNER JOIN usr ON (request.requester_id = usr.user_no) \n                                        INNER JOIN organisation_plus ON (usr.org_code = organisation_plus.org_code) \n                                        WHERE request.request_id=%d LIMIT 1", $wr);
             while ($row = db_fetch_object($result)) {
                 $rate = $row->work_rate;
             }
         }
         // If we didn't have any luck there, check the rate for the user
         if ($rate == null) {
             $result = db_query("SELECT base_rate FROM usr WHERE user_no=%d LIMIT 1", $id);
             while ($row = db_fetch_object($result)) {
                 $rate = $row->base_rate;
             }
         }
         // Still no luck? Check the supplier rate
         if ($rate == null) {
             $result = db_query("SELECT work_rate FROM usr INNER JOIN organisation_plus ON (usr.org_code = organisation_plus.org_code) \n                                        WHERE usr.user_no=%d LIMIT 1", $id);
             while ($row = db_fetch_object($result)) {
                 $rate = $row->work_rate;
             }
         }
         // If all our options have failed us, set a default rate from config
         if ($rate == null) {
             $rate = DEFAULT_CHARGE_RATE;
         }
         // Description - URL Encoded
         $description = urldecode($description);
         // I know "$quantity $units" looks bad, postgres puts this into an 'interval' database field, so _it_ figures out how to make it nice, not us
         if ($units != 'amount') {
             $duration = "{$quantity} {$units}";
         } else {
             $duration = "null";
         }
         $result = db_query("INSERT INTO request_timesheet (request_id, work_on, work_quantity, work_duration, work_by_id, work_description, work_rate, work_units, review_needed)\n                                VALUES (%d, '%s', %d, '%s', %d, '%s', %d, '%s', %b)", $wr, $timestamp, $quantity, $duration, $id, $description, $rate, $units, $needsreview);
         if ($result == false) {
             return new error('Database query failed', '500');
         } else {
             return new response('Success');
         }
     } else {
         return new error('You are not authorised to add timesheets', 403);
     }
 }
Esempio n. 6
0
}
if (is_null($params['POST']['session_id'])) {
    # Problem, complain not logged in and boot out, unless doing a login
    if ($method == 'wrms_login' && class_exists($method)) {
        error_logging('DEBUG', "Creating class login::");
        $class = new wrms_login();
        $result = $class->run($params);
    } else {
        $result = new error("Session not set.");
        error_logging('WARNING', 'session_id not set');
    }
} else {
    currentuser::set(new user(login::check_session($params['POST']['session_id'])));
    if (currentuser::getInstance() != null) {
        if (substr($method, 0, 5) == 'wrms_' && class_exists($method)) {
            $access = access::getInstance();
            $access->setUser(currentuser::getInstance());
            error_logging('DEBUG', "method {$method} exists");
            $class = new $method();
            error_logging('DEBUG', "about to run {$method}");
            $result = $class->run($params);
        } else {
            error_logging('WARNING', "Method {$method} does not exist");
            $result = new error("The method you are trying to call does not exist");
        }
    } else {
        error_logging('DEBUG', "Session is invalid, timed out, or no longer exists.");
        $result = new error("Session is invalid, timed out, or no longer exists.");
    }
}
echo $response_renderer->render($result);