/**
 * Collects the request parameters and session state this page works on.
 *
 * Reads "operation" (string, 0..50 chars) and "user" (int) through R_PARAMS(),
 * takes the current user and base href from the session, and prepares an
 * empty view model whose grants are looked up for the session user.
 *
 * @param object $dbHandler database handle (by reference); used for the grants lookup
 * @return array two-element list: [$args, $gui], both stdClass
 */
function initEnv(&$dbHandler)
{
    $_REQUEST = strings_stripSlashes($_REQUEST);

    // Example of a fully specified input parameter (kept for reference):
    //   input from GET['HelloString3'], type string, minLen 1, maxLen 15, no regular expression,
    //   checkFunction 'checkFooOrBar' (accepts only 'foo' or 'bar'),
    //   normalization 'normFunction' (replaces ',' with '.'):
    //   "HelloString3" => array("GET", tlInputParameter::STRING_N, 1, 15, 'checkFooOrBar', 'normFunction'),
    $paramSpec = [
        "operation" => [tlInputParameter::STRING_N, 0, 50],
        "user"      => [tlInputParameter::INT_N],
    ];
    $parsed = R_PARAMS($paramSpec);

    $sessionUser = $_SESSION['currentUser'];

    $args = new stdClass();
    $args->operation     = $parsed["operation"];
    $args->user_id       = $parsed['user'];
    $args->currentUser   = $sessionUser;
    $args->currentUserID = $sessionUser->dbID;
    $args->basehref      = $_SESSION['basehref'];

    $gui = new stdClass();
    $gui->grants        = getGrantsForUserMgmt($dbHandler, $sessionUser);
    $gui->result        = null;
    $gui->action        = null;
    $gui->user_feedback = '';
    $gui->basehref      = $args->basehref;

    return [$args, $gui];
}
// NOTE(review): this `default:` is the last arm of a switch on the requested
// action whose header lies earlier in the file; only this arm is visible here.
default:
    $highlight->create_user = 1;
    $user = new tlUser();
    break;
}
$gui->op->operation = $actionOperation[$args->doAction];

// Roles offered in the "rights" selector; the internal "undefined" role is not a choice.
$roles = tlRole::getAll($db, null, null, null, tlRole::TLOBJ_O_GET_DETAIL_MINIMUM);
unset($roles[TL_ROLES_UNDEFINED]);

$smarty = new TLSmarty();
$smarty->assign('gui', $gui);
$smarty->assign('highlight', $highlight);
$smarty->assign('operation', $gui->op->operation);
$smarty->assign('user_feedback', $gui->op->user_feedback);
// Presumably tells the template whether passwords for this user's authentication
// method are managed outside the application (see tlUser::isPasswordMgtExternal).
$smarty->assign('external_password_mgmt', tlUser::isPasswordMgtExternal($user->authentication));
// Permission flags for the template are derived from the session user, never from the request.
$smarty->assign('mgt_view_events', $_SESSION['currentUser']->hasRight($db, "mgt_view_events"));
$smarty->assign('grants', getGrantsForUserMgmt($db, $_SESSION['currentUser']));
$smarty->assign('optRights', $roles);
$smarty->assign('userData', $user);
renderGui($smarty, $args, $templateCfg);

/**
 * Declares and reads the request parameters of the user edit page.
 *
 * Each entry names the expected tlInputParameter type and, for strings, the
 * accepted min/max length. R_PARAMS() is expected to populate $args in place
 * (its return value is not used here).
 *
 * @return stdClass one property per declared parameter
 */
function init_args()
{
    $_REQUEST = strings_stripSlashes($_REQUEST);
    $iParams = array("delete" => array(tlInputParameter::INT_N),
                     "user" => array(tlInputParameter::INT_N),
                     "user_id" => array(tlInputParameter::INT_N),
                     "rights_id" => array(tlInputParameter::INT_N),
                     "doAction" => array(tlInputParameter::STRING_N, 0, 30),
                     "firstName" => array(tlInputParameter::STRING_N, 0, 30),
                     "lastName" => array(tlInputParameter::STRING_N, 0, 100),
                     "emailAddress" => array(tlInputParameter::STRING_N, 0, 100),
                     "locale" => array(tlInputParameter::STRING_N, 0, 10),
                     "login" => array(tlInputParameter::STRING_N, 0, 30),
                     "password" => array(tlInputParameter::STRING_N, 0, 32),
                     "authentication" => array(tlInputParameter::STRING_N, 0, 10),
                     "user_is_active" => array(tlInputParameter::CB_BOOL));
    $args = new stdClass();
    R_PARAMS($iParams, $args);
    return $args;
}
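// --------------------------------------------------------------------------
// Resolve the effective roles of the selected user for the chosen feature type.
// $info is a list [userFeatureRoles, features, featureID]; the test-plan helper
// returns null when no test plan is available.
switch ($assignRolesFor) {
    case 'testproject':
        $info = getTestProjectEffectiveRoles($db, $tprojectMgr, $args, $gui->users);
        list($gui->userFeatureRoles, $gui->features, $gui->featureID) = $info;
        $target->testprojectID = $gui->featureID;
        break;

    case 'testplan':
        $info = getTestPlanEffectiveRoles($db, $tplanMgr, $tprojectMgr, $args, $gui->users);
        if ($info === null) {
            // No test plans: report it and leave the role/feature fields empty
            // (explicitly, instead of list()-assigning from null).
            $gui->user_feedback = lang_get('no_test_plans_available');
            $gui->userFeatureRoles = null;
            $gui->features = null;
            $gui->featureID = null;
        } else {
            list($gui->userFeatureRoles, $gui->features, $gui->featureID) = $info;
        }
        break;
}

// Grants are evaluated for the test project held in $target (-1: no test plan context).
$gui->grants = getGrantsForUserMgmt($db, $args->user, $target->testprojectID, -1);
$gui->accessTypeImg = '';

if ($gui->features === null || count($gui->features) === 0) {
    $gui->features = null;
    // Keep a more specific message (e.g. "no test plans") if one was already set.
    if ($gui->user_feedback == '') {
        $gui->user_feedback = $gui->not_for_you;
    }
} else {
    $imgSet = $smarty->getImages();
    // 'vorsicht' (warning icon) is the fallback when the selected feature is unknown.
    // NOTE(review): assumes $imgSet defines that key — confirm against the image set.
    $accessKey = 'vorsicht';
    if (isset($gui->features[$gui->featureID])) {
        $accessKey = $gui->features[$gui->featureID]['is_public'] ? 'public' : 'private';
    }
    // Built once; the original assigned this twice (inside the if and again after it),
    // the first assignment being dead. The title text comes from the locale files,
    // not from the request.
    $gui->accessTypeImg = '<img src="' . $imgSet[$accessKey] . '" title="'
        . lang_get('access_' . $accessKey) . '" >';
}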
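/**
 * Fills $guiObj with everything the role create/edit template needs.
 *
 * Maps $argsObj->doAction to the form operation and the tab to highlight,
 * attaches grants and the rights configuration, builds the checked/disabled
 * attribute for every right checkbox and, for an existing role, loads its
 * description into the web editor and the users affected by a change.
 *
 * @param object   $dbHandler    database handle
 * @param stdClass $guiObj       view model; extended in place and also returned
 * @param stdClass $argsObj      parsed request arguments; doAction selects the mode
 * @param tlRole   $roleObj      role being created/edited (dbID empty for a new role)
 * @param object   $webEditorObj editor used to render the role description
 * @return stdClass the completed $guiObj
 */
function complete_gui(&$dbHandler, &$guiObj, &$argsObj, &$roleObj, &$webEditorObj)
{
    // doAction => form operation, and doAction => tab to highlight.
    $actionCfg = [
        'operation' => [
            'create'    => 'doCreate',
            'edit'      => 'doUpdate',
            'doCreate'  => 'doCreate',
            'doUpdate'  => 'doUpdate',
            'duplicate' => 'duplicate',
        ],
        'highlight' => [
            'create'    => 'create_role',
            'edit'      => 'edit_role',
            'doCreate'  => 'create_role',
            'doUpdate'  => 'edit_role',
            'duplicate' => 'create_role',
        ],
    ];

    // doAction comes from the request; an unknown value is not a valid mode, so the
    // highlight is left untouched and the operation is null instead of dereferencing
    // a missing key. (The original wrote `->{$actionCfg}['highlight'][...]`, which
    // stringifies the array; the intended property name is the looked-up value.)
    if (isset($actionCfg['highlight'][$argsObj->doAction])) {
        $guiObj->highlight->{$actionCfg['highlight'][$argsObj->doAction]} = 1;
    }
    $guiObj->operation = isset($actionCfg['operation'][$argsObj->doAction])
        ? $actionCfg['operation'][$argsObj->doAction] : null;

    $guiObj->role = $roleObj;
    $guiObj->grants = getGrantsForUserMgmt($dbHandler, $_SESSION['currentUser']);
    $guiObj->rightsCfg = getRightsCfg();
    // hasRight() needs the DB handle; the original passed an undefined $db here.
    $guiObj->mgt_view_events = $_SESSION['currentUser']->hasRight($dbHandler, "mgt_view_events");
    $guiObj->disabledAttr = $guiObj->roleCanBeEdited ? ' ' : ' disabled="disabled" ';

    // Every known right starts unchecked; only the enabled/disabled attribute is set.
    foreach ($guiObj->rightsCfg as $grantDetails) {
        foreach (array_keys($grantDetails) as $grantCode) {
            $guiObj->checkboxStatus[$grantCode] = $guiObj->disabledAttr;
        }
    }

    if ($roleObj->dbID) {
        $webEditorObj->Value = $roleObj->description;
        // Rights already granted to the role render as checked.
        if (!empty($roleObj->rights)) {
            foreach ($roleObj->rights as $right) {
                $guiObj->checkboxStatus[$right->name] = ' checked="checked" ' . $guiObj->disabledAttr;
            }
        }
        // Users whose permissions change if this role definition changes.
        $guiObj->affectedUsers = $roleObj->getAllUsersWithRole($dbHandler);
    }

    $guiObj->notes = $webEditorObj->CreateHTML();
    return $guiObj;
}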
* @link http://www.teamst.org/index.php * * * @internal Revisions: * 20100419 - franciscom - BUGID 3355: A user can not be deleted from the list * 20100326 - franciscom - BUGID 3324 * 20100106 - franciscom - security improvement - checkUserOrderBy() * (after scanning with Acunetix Web Security Scanner) * */ require_once "../../config.inc.php"; require_once "users.inc.php"; testlinkInitPage($db, false, false, "checkRights"); $templateCfg = templateConfiguration(); $args = init_args(); $grants = getGrantsForUserMgmt($db, $args->currentUser); $sqlResult = null; $action = null; $user_feedback = ''; $orderBy = new stdClass(); $orderBy->type = 'order_by_login'; $orderBy->dir = array('order_by_login_dir' => 'asc'); switch ($args->operation) { case 'disable': // user cannot disable => inactivate itself if ($args->user_id != $args->currentUserID) { $user = new tlUser($args->user_id); $sqlResult = $user->readFromDB($db); if ($sqlResult >= tl::OK) { $userLogin = $user->login; $sqlResult = $user->setActive($db, 0);
case 'confirmDelete': $doDelete = 1; break; } $userFeedback = null; if ($doDelete) { $userFeedback = deleteRole($db, $args->roleid); //refresh the current user checkSessionValid($db); } $roles = tlRole::getAll($db, null, null, null, tlRole::TLOBJ_O_GET_DETAIL_MINIMUM); $highlight = initialize_tabsmenu(); $highlight->view_roles = 1; $smarty = new TLSmarty(); $smarty->assign('highlight', $highlight); $smarty->assign('grants', getGrantsForUserMgmt($db, $args->currentUser)); $smarty->assign('roles', $roles); $smarty->assign('id', $args->roleid); $smarty->assign('sqlResult', $userFeedback); $smarty->assign('affectedUsers', $affectedUsers); $smarty->assign('role_id_replacement', config_get('role_replace_for_deleted_roles')); $smarty->display($templateCfg->template_dir . $templateCfg->default_template); /** * @return object returns the arguments for the page */ function init_args() { $iParams = array("roleid" => array(tlInputParameter::INT_N), "doAction" => array(tlInputParameter::STRING_N, 0, 100)); $args = new stdClass(); $pParams = R_PARAMS($iParams, $args); $args->currentUser = $_SESSION['currentUser'];